Need to solve problems with untrusted users who get a connection to the LAN

Because users in my network are moved or relocated very often, most of the time without any notice, I must solve the problem I have with LAN ports left in an enabled state but not connected for a day or two, leaving a security hole.

I read something about using 802.1X to authenticate users via a RADIUS server before giving them connectivity, but first of all, my users are on W2000 and I have a mixed platform of Catalyst 6500 and 6000 switches running CATOS or IOS. The IOS switches are Catalyst 6500s with IOS version IOS (tm) c6sup2_rp Software (c6sup2_rp-PSV-M), Version 12.1(8a)E3, EARLY DEPLOYM

Is it possible to implement a control with hardware and software according to the platform I have, or do you know any other solution to implement besides the security port feature? I mean, an easier feature to implement than port security.

Replies

You can use the switchport port-security command to control port access based on MAC addresses. Using port security, the interface dynamically learns MAC addresses, or they can be statically configured too. You can also use AAA to authenticate users against locally configured usernames/passwords or databases such as TACACS+ or RADIUS. Here is the documentation link on the same.
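
The port-security options mentioned in the reply above, as an added configuration sketch that is not part of the original thread or of Cisco's documentation. It assumes a Cisco IOS release that supports port security on the platform in use (not verified for the release quoted in the question); the interface name and MAC address are constructed placeholders.

```cisco
! Added example: interface name and MAC address are constructed placeholders.
! Assumes an IOS release with port-security support on this platform.
interface GigabitEthernet3/1
 ! Port security applies to Layer 2 access ports
 switchport
 switchport mode access
 ! Enable port security and allow a single MAC address on the port
 switchport port-security
 switchport port-security maximum 1
 ! Static entry for the known workstation; omit this line to let the
 ! port learn the first source MAC address dynamically instead
 switchport port-security mac-address 0000.5e00.5301
 ! Err-disable the port when any other MAC address is seen
 switchport port-security violation shutdown
!
! Verification (exec mode):
!   show port-security
!   show port-security interface GigabitEthernet3/1
```

With the violation mode set to shutdown, a port that has been err-disabled stays down until an administrator re-enables it, so each relocation of a workstation requires updating or clearing the secured address on the old and new ports.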

Thanks for your question. I just wanted to be sure whether there was something else besides port security or 802.1X. It seems 802.1X is the best choice, but the only issue I have now is whether my hardware supports being upgraded to the IOS or CATOS that supports this 802.1X feature.